Source-Changes-HG archive


[src/netbsd-1-4]: src/gnu/usr.bin/gzip Pull up revision 1.9 (requested by ito...



details:   https://anonhg.NetBSD.org/src/rev/30716343043c
branches:  netbsd-1-4
changeset: 471326:30716343043c
user:      he <he%NetBSD.org@localhost>
date:      Wed Jan 16 09:06:07 2002 +0000

description:
Pull up revision 1.9 (requested by itojun):
  Fix long file name buffer overrun vulnerability.

diffstat:

 gnu/usr.bin/gzip/gzip.c |  11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diffs (28 lines):

diff -r a19f9014c6d0 -r 30716343043c gnu/usr.bin/gzip/gzip.c
--- a/gnu/usr.bin/gzip/gzip.c   Mon Jan 14 15:23:57 2002 +0000
+++ b/gnu/usr.bin/gzip/gzip.c   Wed Jan 16 09:06:07 2002 +0000
@@ -45,7 +45,7 @@
  */
 
 #ifdef RCSID
-static char rcsid[] = "$Id: gzip.c,v 1.3 1998/03/06 18:17:13 tv Exp $";
+static char rcsid[] = "$Id: gzip.c,v 1.3.2.1 2002/01/16 09:06:07 he Exp $";
 #endif
 
 #include <ctype.h>
@@ -1005,7 +1005,14 @@
 #ifdef NO_MULTIPLE_DOTS
     char *dot; /* pointer to ifname extension, or NULL */
 #endif
-
+    int max_suffix_len = (z_len > 3 ? z_len : 3);
+ 
+    /* Leave enough room in ifname or ofname for suffix: */
+    if (strlen(iname) >= sizeof(ifname) - max_suffix_len) {
+       strncpy(ifname, iname, sizeof(ifname) - 1);
+       /* last byte of ifname is already zero and never overwritten */
+       error("file name too long");
+    }
     strcpy(ifname, iname);
 
     /* If input file exists, return OK. */
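Review bot: The added length check protects the `strcpy(ifname, iname)` that follows it only if `error()` never returns, which this hunk does not show; if it does return, the oversized name is still copied in full. I would state that dependency next to the call, e.g. `/* error() exits; the strcpy below is reached only for names that fit */`, or make the copy itself bounded. The comparison also mixes `size_t` and `int`: `sizeof(ifname) - max_suffix_len` wraps to a very large value if `z_len` ever exceeds the buffer size, so the check relies on `z_len` being bounded wherever the suffix option is parsed (presumably elsewhere in gzip.c). The enclosing function starts and ends outside the hunk.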


